Posts created by: Robert Falcone


Threat Brief: OWASSRF Vulnerability Exploitation

  • By Robert Falcone and Lior Rochberger
  • December 22, 2022 at 5:30 PM

9 min. read


CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited in the Wild (SpringShell) (Updated)

  • By Haozhe Zhang, Ken Hsu, Tao Yan, Qi Deng and Robert Falcone
  • March 31, 2022 at 4:30 PM

12 min. read


Threat Brief: Ongoing Russia and Ukraine Cyber Activity

  • By Robert Falcone, Mike Harbison and Josh Grunzweig
  • January 20, 2022 at 12:30 PM

8 min. read


Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

  • By Tao Yan, Qi Deng, Haozhe Zhang, Yu Fu, Josh Grunzweig, Mike Harbison and Robert Falcone
  • December 10, 2021 at 1:00 PM

15 min. read


APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

  • By Robert Falcone and Peter Renals
  • December 2, 2021 at 6:00 AM

10 min. read


Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

  • By Robert Falcone, Jeff White and Peter Renals
  • November 7, 2021 at 6:00 PM

18 min. read


Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, “MagicSocks” Tools

  • By Robert Falcone, Alex Hinchliffe and Quinn Cooke
  • July 15, 2021 at 3:00 AM

23 min. read


New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

  • By Robert Falcone and Simon Conant
  • April 29, 2021 at 12:01 AM

9 min. read


Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

  • By Robert Falcone
  • April 15, 2021 at 6:00 AM

8 min. read


xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

  • By Robert Falcone
  • January 11, 2021 at 12:01 AM

25 min. read


Threat Assessment: Egregor Ransomware

  • By Doel Santos, Brittany Barbehenn and Robert Falcone
  • December 8, 2020 at 6:00 PM

5 min. read


xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

  • By Robert Falcone
  • November 9, 2020 at 12:00 AM

12 min. read


Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

  • By Robert Falcone
  • September 4, 2020 at 6:00 AM

13 min. read


Threat Assessment: WastedLocker Ransomware

  • By Alex Hinchliffe, Doel Santos, Adrian McCabe and Robert Falcone
  • July 30, 2020 at 6:00 AM

4 min. read


OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory

  • By Robert Falcone
  • July 22, 2020 at 6:00 AM

18 min. read


© 2023 Palo Alto Networks, Inc. All rights reserved.